logo
episode-header-image
Jul 2024
2h 30m

SN 985: Platform Key Disclosure - Crowds...

TWiT
About this episode
  • Crowdstrike post-mortem
  • PiDP-11
  • What Crowdstrike is fixing
  • Marcus Hutchins on who is to blame
  • Entrust's Updated Info
  • 3rd-Party Cookie Surprise
  • Security training firm mistakenly hires a North Korean attacker
  • Google and 3rd party cookies
  • Google's influence
  • The auto industry and data brokers
  • DNS Benchmark on Mac
  • Platform Key Disclosure

Show Notes - https://www.grc.com/sn/SN-985-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Up next
Aug 5
SN 1037: Chinese Participation in MAPP - Why Signal is Leaving Australia
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrom ... Show More
2h 47m
Jul 22
SN 1035: Cloudflare's 1.1.1.1 Outage - Bypassing Passkey Protections
Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet ... Show More
2h 48m
May 27
SN 1027: Artificial Intelligence - The Status of Encrypted Client Hello
What the status of Encrypted Client Hello (ECH)? What radio technology would be best for remote inverter shutdown? Some DNS providers already block newly listed domains. Knowing when not to click a link can take true understanding. Why can losing a small portion of a power grid b ... Show More
2h 54m
Recommended Episodes
Dec 2022
512: Owned With a P
Pre-show: Past-Marco made poor life choices, and today-Marco paid the price Follow-up: Mastodon instances and federation Hive Social is going… well, it’s not really going actually Sharrow 👍 Merlin is vindicated; it’s a real thing 👎 …but it’s not exactly a “share arrow”. But it ... Show More
1h 56m
Jun 11
Ghost students “haunting” online colleges.
Patch Tuesday. Mozilla patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal gover ... Show More
37m 6s
Jul 2024
Squarespace's square off with hijacked domains.
Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fi ... Show More
36m 53s
Apr 2021
An old Facebook database handed over to skids (and it’s a big database). APTs look for vulnerable FortiOS instances. Cryptojacking in GitHub infrastructure. Risk and water utilities.
An old leaked database has been delivered into the hands of skids. (The news isn’t that the data are out there; it’s that the skids now have it. For free.) CISA and the FBI warn that APTs are scanning for vulnerable Fortinet instances. Cryptojackers pan for alt-coin in GitHub’s i ... Show More
21m 8s
Aug 2024
Confidential or compromised?
The Trump campaign claims its email systems were breached by Iranian hackers. A Nashville man is arrested as part of an alleged North Korean IT worker hiring scam. At Defcon, researchers reveal significant vulnerabilities in Google’s Quick Share. Ransomware attacks hit an Austral ... Show More
30m 47s
Dec 2020
SLP238 Zach Herbert & Ken Carpenter - Passport by Foundation Devices: Air Gapped Hardware Wallet
The market for high quality hardware wallets is becoming more competitive with new entrants over time. Zach Herbert & Ken Carpenter of Foundation Devices join me to talk about their new upcoming product, Passport. Passport is fully air gapped (QR or microSD), PSBT, and designed w ... Show More
1h 3m
May 13
Log4j vulnerability (noun) [Word Notes]
Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/log4j⁠ Audio reference link: “⁠CISA Dire ... Show More
9m 16s
Jun 2019
Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?
Jason, an Iranian brute-forcing tool, has been leaked. A third-party breach affects customer and patient data held by Quest Diagnostics. Eurofins Scientific is recovering from a ransomware attack. A look at Baltimore City’s ransomware infestation shows no signs of EternalBlue, se ... Show More
21m 27s
Aug 2024
Hackers strike LiteSpeed cache again.
The exploitation of the LiteSpeed Cache Wordpress plugin has begun. Halliburton confirms a cyberattack. Velvet Ant targets Cisco Switch appliances. The Qilin ransomware group harvests credentials stored in Google Chrome. Ham radio enthusiasts pay a million dollar ransom. SolarWin ... Show More
30m 5s
Listen to millions of songs and podcasts on Anghami